一鍵部署haproxy+keepalived實現負載均衡+高可用

實驗環境：

！！！！??? 特別注意： www.westos.org為test1的minion名字

test1: 172.25.1.11????? nginx ????????? ?? ? master??????? minion

test2: 172.25.1.12??? ? httpd ????????? ? ? ? minion

test3: 172.25.1.13???? haproxy???? ? ???? minion

這里要下載高可用軟件的test4需要配置高可用yum源

[root@test4 ~]# cd /etc/yum.repos.d/
[root@test4 yum.repos.d]# vim rhel-source.repo

[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.1.250/rhel6.5
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[salt]
name=saltstack
baseurl=file:///rhel6
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.1.250/rhel6.5/LoadBalancer
gpgcheck=0
?
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.1.250/rhel6.5/HighAvailability
gpgcheck=0
?
[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.1.250/rhel6.5/ResilientStorage
gpgcheck=0
?
[ScalableFileSystem]
name=ScalableFileSystem
baseurl=http://172.25.1.250/rhel6.5/ScalableFileSystem
gpgcheck=0

注意：實驗前需要進行解析，上一篇文章已經解釋，這里不再贅述

共開三臺虛擬機test1、test2、test3，在test1上配置好salt-msater服務，test1、test2和test3安裝并配置好salt-minion服務，具體可參照上篇文章。

1、配置master端

[root@test1 ~]# yum install -y salt-master??????????????????? //安裝master

[root@test1 ~]# vim /etc/salt/master

[root@test1 ~]# /etc/init.d/salt-master start

2、配置minion端

[root@test1 ~]# yum install -y salt-minion

配置yun源

[root@test1 ~]# scp /etc/yum.repos.d/rhel-source.repo root@test2:/etc/yum.repos.d/?????????? //將yum源配置文件發送給test2和test3

[root@test1 ~]# scp /etc/yum.repos.d/rhel-source.repo root@test3:/etc/yum.repos.d/????????

[root@test1 ~]# scp /rhel6/ root@test2:/

[root@test1 ~]# scp /rhel6/ root@test3:/

[root@test3 ~]# yum repolist???????????? //可以看出有29個saltstack安裝包,此時yum源搭建成功

接下來test1、test2和test3步驟完全相同

[root@test3 ~]# yum install -y salt-minion

[root@test3 ~]# cd /etc/salt/
[root@test3 salt]# ls

[root@test3 salt]# vim minion

[root@test3 salt]# /etc/init.d/salt-minion start

3、交換密鑰對

[root@test1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:

www.westos.org

test2
test3
Rejected Keys:

[root@test1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:

www.westos.org

test2
test3
Proceed? [n/Y] y
Key for minion test4 accepted.

溫馨提示：

有個命令大家需要掌握：

salt-key -D??????????? //刪除所有連接master的minion主機

salt-key -d 主機名?????????? //刪除連接master的該minion主機

到此三臺主機的salt-minion就搭建完畢了

4、開始搭建nginx:

[root@test1 ~]# mkdir /srv/salt
[root@test1 ~]# cd /srv/salt/

[root@test1 salt]# mkdir nginx
[root@test1 salt]# cd nginx/

[root@test1 nginx]# mkdir files
[root@test1 nginx]# cd files/

[root@test1 files]# cp /root/nginx-1.14.0.tar.gz .????? //注意：這里需要用到nginx源碼包，請提前將其下載下來并放到/root下以便拷貝

[root@test1 files]# cd ..

[root@test1 nginx]# vim install.sls?

[root@test1 nginx]# cat install.sls
nginx-install:
? pkg.installed:
??? - pkgs:
????? - pcre-devel
????? - openssl-devel
????? - gcc
? file.managed:
??? - name: /mnt/nginx-1.14.0.tar.gz
??? - source: salt://nginx/files/nginx-1.14.0.tar.gz
[root@test1 nginx]# salt www.westos.org1 state.sls nginx.install? 安裝依賴性成功并把包導入了test2的/mnt下

在test2查看/mnt下已經有了tar包，代表：

[root@test2 salt]# cd /mnt/
[root@test2 mnt]# ls
nginx-1.14.0.tar.gz

在test2搭建環境確保命令可以執行寫入腳本：
[root@test2 nginx-1.14.0]# sed -i.bak 's/#define NGINX_VER????????? "nginx\/" NGINX_VERSION/#define NGINX_VER????????? "nginx"/g' src/core/nginx.h ????????????????????????? //去版本號
[root@test2 nginx-1.14.0]# vim src/core/nginx.h?? 已經去掉版本號確保安全
[root@test2 nginx-1.14.0]# sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc

[root@test2 nginx-1.14.0]# vim auto/cc/gcc????????????????? //查看是否加上注釋號

[root@test1 files]# vim nginx???????????????? //寫個nginx啟動腳本

#!/bin/sh
# nginx??????? Startup script for nginx
# chkconfig: - 85 15
# processname: nginx
# config: /usr/local/nginx/conf/nginx/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# description: nginx is an HTTP and reverse proxy server
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop nginx
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

if [ -L $0 ]; then
??? initscript=`/bin/readlink -f $0`
else
??? initscript=$0
fi

#sysconfig=`/bin/basename $initscript`

#if [ -f /etc/sysconfig/$sysconfig ]; then
#??? . /etc/sysconfig/$sysconfig
#fi

nginx=${NGINX-/usr/local/nginx/sbin/nginx}
prog=`/bin/basename $nginx`
conffile=${CONFFILE-/usr/local/nginx/conf/nginx.conf}
lockfile=${LOCKFILE-/var/lock/subsys/nginx}
pidfile=${PIDFILE-/usr/local/nginx/logs/nginx.pid}
SLEEPMSEC=${SLEEPMSEC-200000}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS-5}
RETVAL=0

start() {
??? echo -n $"Starting $prog: "

??? daemon --pidfile=${pidfile} ${nginx} -c ${conffile}
??? RETVAL=$?
??? echo
??? [ $RETVAL = 0 ] && touch ${lockfile}
??? return $RETVAL
}

stop() {
??? echo -n $"Stopping $prog: "
??? killproc -p ${pidfile} ${prog}
??? RETVAL=$?
??? echo
??? [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

reload() {
??? echo -n $"Reloading $prog: "
??? killproc -p ${pidfile} ${prog} -HUP
??? RETVAL=$?
??? echo
}

upgrade() {
??? oldbinpidfile=${pidfile}.oldbin

??? configtest -q || return
??? echo -n $"Starting new master $prog: "
??? killproc -p ${pidfile} ${prog} -USR2
??? echo

??? for i in `/usr/bin/seq $UPGRADEWAITLOOPS`; do
??????? /bin/usleep $SLEEPMSEC
??????? if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then
??????????? echo -n $"Graceful shutdown of old $prog: "
??????????? killproc -p ${oldbinpidfile} ${prog} -QUIT
??????????? RETVAL=$?
??????????? echo
??????????? return
??????? fi
??? done

??? echo $"Upgrade failed!"
??? RETVAL=1
}

configtest() {
??? if [ "$#" -ne 0 ] ; then
??????? case "$1" in
??????????? -q)
??????????????? FLAG=$1
??????????????? ;;
??????????? *)
??????????????? ;;
??????? esac
??????? shift
??? fi
??? ${nginx} -t -c ${conffile} $FLAG
??? RETVAL=$?
??? return $RETVAL
}

rh_status() {
??? status -p ${pidfile} ${nginx}
}

# See how we were called.
case "$1" in
??? start)
??????? rh_status >/dev/null 2>&1 && exit 0
??????? start
??????? ;;
??? stop)
??????? stop
??????? ;;
??? status)
??????? rh_status
??????? RETVAL=$?
??????? ;;
??? restart)
??????? configtest -q || exit $RETVAL
??????? stop
??????? start
??????? ;;
??? upgrade)
??????? rh_status >/dev/null 2>&1 || exit 0
??????? upgrade
??????? ;;
??? condrestart|try-restart)
??????? if rh_status >/dev/null 2>&1; then
??????????? stop
??????????? start
??????? fi
??????? ;;
??? force-reload|reload)
??????? reload
??????? ;;
??? configtest)
??????? configtest
??????? ;;
??? *)
??????? echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}"
??????? RETVAL=2
esac

exit $RETVAL
?

[root@test1 files]# ls

[root@test1 files]# cd /srv/salt

[root@test1 salt]# mkdir pkgs/??????????????????

[root@test1 salt]# cd pkgs/
[root@test1 pkgs]# vim? make.sls

make-gcc:
? pkg.installed:
??? - pkgs:
????? - pcre-devel
????? - openssl-devel
????? - gcc

[root@test1 pkgs]# cd ..

[root@test1 salt]# mkdir users/

[root@test1 salt]# cd users/

[root@test1 users]# vim nginx.sls

nginx-group:
? group.present:
??? - name: nginx
??? - gid: 800

nginx-user:
? user.present:
??? - name: nginx
??? - uid: 800
??? - gid: 800
??? - shell: /sbin/nologin
??? - createhome: False
??? - home: /usr/local/nginx

[root@test1 nginx]# vim install.sls
[root@test1 nginx]# cat install.sls

include:
? - pkgs.make?????????????????? //導入make包

nginx-install:?????????????
? file.managed:
??? - name: /mnt/nginx-1.14.0.tar.gz
??? - source: salt://nginx/files/nginx-1.14.0.tar.gz
? cmd.run:
??? - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER????????? "nginx\/" NGINX_VERSION/#define NGINX_VER????????? "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &> /dev/null
??? - creates: /usr/local/nginx?

[root@test1 nginx]# vim service.sls
[root@test1 nginx]# cat service.sls

include:
? - users.nginx?????????????? //需要創建用戶，這里是導入創建用戶的包
? - nginx.install

/usr/local/nginx/conf/nginx.conf:
? file.managed:
??? - source: salt://nginx/files/nginx.conf

nginx-service:
? file.managed:
??? - name: /etc/init.d/nginx
??? - source: salt://nginx/files/nginx
??? - mode: 755
? service.running:
??? - name: nginx
??? - reload: True
??? - watch:
????? - file: /usr/local/nginx/conf/nginx.conf

到此nginx部署完畢，推送試一下：

[root@test1 files]# salt www.westos.org state.sls nginx.service??????????? //測試成功

5、搭建apache:

[root@test1 salt]# pwd
/srv/salt

[root@test1 salt]# mkdir apache

[root@test1 salt]# cd apache/

[root@test1 apache]# vim web.sls???????????????? //目的是得到httpd的配置文件

apache-install:
? pkg.installed:
??? - pkgs:
????? - httpd
????? - php

[root@test1 apache]# salt test2 state.sls apache.web??????????? //master將服務推過去到test2

[root@test2 ~]# scp /etc/httpd/conf/httpd.conf? root@test1:/srv/salt/apache/files ????????????

[root@test1 apache]# mv web.sls install.sls

[root@test1 apache]# vim install.sls

[root@test1 apache]# cat install.sls

apache-install:
? pkg.installed:
??? - pkgs:
????? - httpd
????? - php
? file.managed:
??? - name: /var/www/html/index.html
??? - source: salt://apache/files/index.html
??? - mode: 644
??? - user: root
??? - group: root

[root@test1 apache]# vim service.sls

[root@test1 apache]# cat service.sls

include:
? - apache.install

apache-service:
? file.managed:
? - name: /etc/httpd/conf/httpd.conf
? - source: salt://apache/files/httpd.conf

? service.running:
??? - name: httpd
??? - enable: True
??? - reload: True
??? - watch:
????? - file: apache-service

[root@test1 apache]# ls
files? install.sls? service.sls
[root@test1 apache]# cd files/
[root@test1 files]# ls

httpd.conf?

[root@test1 files]# vim index.html

apache搭建完畢

[root@test1 files]# salt test2 state.sls apache.service??????????????? //推送成功

馬上要搭建haproxy服務了，提前添加test3為minion

服務下載及配置方法同上面的minion主機，這里不再贅述

[root@test1 salt]# salt-key -A

[root@test1 salt]# salt-key -L

6、haproxy實現負載均衡，web服務器為www.westos.org和test2

[root@test1 salt]# pwd?

/srv/salt

apache? nginx? pkgs? users
[root@test1 salt]# mkdir haproxy
[root@test1 salt]# cd haproxy/
[root@test1 haproxy]# mkdir files
[root@test1 haproxy]# vim haproxy.install

haproxy-install:
? pkg.installed:
??? - pkgs:
????? - haproxy

[root@test1 haproxy]# salt test3 state.sls haproxy.install??????????????????? //test3下載haproxy服務得到haproxy.cfg配置文件

[root@test3 examples]# scp haproxy.init content-sw-sample.cfg root@test1:srv/salt/haproxy/files? ? ?? //test3將啟動腳本和配置文件遠程發送給test1

[root@test1 haproxy]# cd files/
[root@test1 files]# ls???????????????????? //可以看到配置文件已經傳送過來了
content-sw-sample.cfg? haproxy.init

[root@test1 files]# mv content-sw-sample.cfg? haproxy.cfg

[root@test1 files]# vim haproxy.cfg????????????? //修改haproxy的配置文件，實現高可用

?# This is a sample configuration. It illustrates how to separate static objects
# traffic from dynamic traffic, and how to dynamically regulate the server load.
# It listens on 192.168.1.10:80, and directs all requests for Host 'img' or
# URIs starting with /img or /css to a dedicated group of servers. URIs
# starting with /admin/stats deliver the stats page.

global
??????? maxconn???????? 10000???? ?

??????? stats socket??? /var/run/haproxy.stat mode 600 level admin
??????? log???????????? 127.0.0.1 local0?? ?
??????? uid???????????? 188
??????? gid???????????? 188
??????? chroot????????? /var/empty??? ?
??????? daemon???????? ?

# The public 'www' address in the DMZ
frontend public
??????? bind???????????? *:8080? ?
??????? mode???????????? http??????? ?
??????? log????????????? global
??????? option?????????? httplog???? ?
??????? option?????????? dontlognull? ?
??????? monitor-uri????? /monitoruri
??????? maxconn???????? 8000???????? ?
??????? timeout client? 30s????????? ?
??????? stats uri?????? /admin/stats?? ?
#??????? use_backend???? static if { hdr_beg(host) -i img }
#??????? use_backend???? static if { path_beg /img /css?? }
??? default_backend static

# The static backend backend for 'Host: img', /img and /css.
backend static
??????? mode??????????? http
??????? balance???????? roundrobin???? ?
??????? option prefer-last-server
??????? retries???????? 2?????????? ?
??????? option redispatch???? ?
??????? timeout connect 5s????????? ?
??????? timeout server? 5s????????? ?
??????? server????????? statsrv1 172.25.1.11:80 check inter 1000?????????????????????????
??????? server????????? statsrv2 172.25.1.12:80 check inter 1000

[root@test1 files]# cat haproxy.init?????????????????? //查看haproxy的啟動腳本

#!/bin/sh
#
# chkconfig: - 85 15
# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
#????????????? for high availability environments.
# processname: haproxy
# config: /etc/haproxy/haproxy.cfg
# pidfile: /var/run/haproxy.pid

# Script Author: Simon Matter <simon.matter@invoca.ch>
# Version: 2004060600

# Source function library.
if [ -f /etc/init.d/functions ]; then
? . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
? . /etc/rc.d/init.d/functions
else
? exit 0
fi

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

# This is our service name
BASENAME=`basename $0`
if [ -L $0 ]; then
? BASENAME=`find $0 -name $BASENAME -printf %l`
? BASENAME=`basename $BASENAME`
fi

BIN=/usr/sbin/$BASENAME

CFG=/etc/$BASENAME/$BASENAME.cfg
[ -f $CFG ] || exit 1

PIDFILE=/var/run/$BASENAME.pid
LOCKFILE=/var/lock/subsys/$BASENAME

RETVAL=0

start() {
? quiet_check
? if [ $? -ne 0 ]; then
??? echo "Errors found in configuration file, check it with '$BASENAME check'."
??? return 1
? fi

? echo -n "Starting $BASENAME: "
? daemon $BIN -D -f $CFG -p $PIDFILE
? RETVAL=$?
? echo
? [ $RETVAL -eq 0 ] && touch $LOCKFILE
? return $RETVAL
}

stop() {
? echo -n "Shutting down $BASENAME: "
? killproc $BASENAME -USR1
? RETVAL=$?
? echo
? [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
? [ $RETVAL -eq 0 ] && rm -f $PIDFILE
? return $RETVAL
}

restart() {
? quiet_check
? if [ $? -ne 0 ]; then
??? echo "Errors found in configuration file, check it with '$BASENAME check'."
??? return 1
? fi
? stop
? start
}

reload() {
? if ! [ -s $PIDFILE ]; then
??? return 0
? fi

? quiet_check
? if [ $? -ne 0 ]; then
??? echo "Errors found in configuration file, check it with '$BASENAME check'."
??? return 1
? fi
? $BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE)
}

check() {
? $BIN -c -q -V -f $CFG
}

quiet_check() {
? $BIN -c -q -f $CFG
}

rhstatus() {
? status $BASENAME
}

condrestart() {
? [ -e $LOCKFILE ] && restart || :
}

# See how we were called.
case "$1" in
? start)
??? start
??? ;;
? stop)
??? stop
??? ;;
? restart)
??? restart
??? ;;
? reload)
??? reload
??? ;;
? condrestart)
??? condrestart
??? ;;
? status)
??? rhstatus
??? ;;
? check)
??? check
??? ;;
? *)
??? echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
??? exit 1
esac
?
exit $?

[root@test1 files]# cd ..
[root@test1 haproxy]# vim install.sls

include:
? - pkgs.make
?
haproxy-install:
? file.managed:
??? - name: /mnt/haproxy-1.6.13.tar.gz
??? - source: salt://haproxy/files/haproxy-1.6.13.tar.gz
? cmd.run:
??? - name: cd /mnt && tar zxf haproxy-1.6.13.tar.gz && cd haproxy-1.6.13 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install && cd .. && rm -rf haproxy-1.6.13.tar.gz
??? - creates: /usr/local/haproxy

/etc/haproxy:
? file.directory:
??? - mode: 755

/usr/sbin/haproxy:
? file.symlink:
??? - target: /usr/local/haproxy/sbin/haproxy

[root@test1 haproxy]# salt test3 state.sls haproxy.install????

?//將已經配置好高可用的haproxy配置文件推送給test3,若成功了則繼續寫service文件

[root@test1 haproxy]# cd ../users

[root@test1 users]# vim haproxy.sls

haproxy-group:
? group.present:
??? - name: haproxy
??? - gid: 188

haproxy-user:
? user.present:
??? - name: haproxy
??? - uid: 188
??? - gid: 188
??? - shell: /sbin/nologin
??? - home: /usr/local/haproxy
??? - createhome: False

[root@test1 users]# cd ../haproxy/

[root@test1 haproxy]# vim service.sls

include:
? - haproxy.install
? - users.haproxy

/etc/haproxy/haproxy.cfg:
? file.managed:
??? - source: salt://haproxy/files/haproxy.cfg

haproxy-service:
? file.managed:
??? - name: /etc/init.d/haproxy
??? - source: salt://haproxy/files/haproxy.init
??? - mode: 755
? service.running:
??? - name: haproxy
??? - reload: True
??? - watch:
????? - file: /etc/haproxy/haproxy.cfg

[root@test1 haproxy]# cd ..
[root@test1 salt]# vim top.sls???????????????? //寫一個文件，實現一步到位

base:
? 'www.westos.org':
??? - nginx.service
? 'test2':
??? - apache.service
? 'test3':
??? - haproxy.service

[root@test1 salt]# salt '*' state.highstate????????????? //一步進行所有服務的推送

在test1、test2、test3上查看是否實現了負載均衡

在網頁進行測試，發現網頁是以兩個頁面在交替運行

到此：haproxy的負載均衡就實現啦。

7、搭建keepalived服務

實驗環境：

? salt服務	? ? 主機（minion名稱）	???????????? 主機IP	????? 服務1 ?	? ? ? ? ? ? ? ? 服務2
? master	? test1(www.westos.org)	????? 172.25.1.11	?? ? ? ? ?? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? nginx ?
? minion	? ? ? ?? test2? (test2)	????? 172.25.1.12	?????????????? ? ? ?????????? ? ? ? ? ? ? httpd
? minion	? ?????? test3? (test3)	????? 172.25.1.13	??????????????????????? haproxy ? ? ? ? ? ? ?? keepalived(master)
? minion	? ? ? ?? test4? (test4)	???? 172.25.1.14?????	? ? ? ? ? ? ? ? ? ? ?? haproxy?? ?????? ????? keepalived(backup)??????????

?

?

?

?

?

?

注意：這里的test3和test4需要下載haproxy高可用軟件，所以需要配置高可用yum源，具體看文章開頭的yum源配置文件

也可以直接拷貝test1的yum源配置文件

[root@test1 ~]# scp /etc/yum.repos.d/rhel-source.repo root@test1:/etc/yum.repos.d/

首先，添加主機test4:

[root@test4 ~]# yum install -y salt-minion

[root@test4 ~]# vim /etc/salt/minion

[root@test4 ~]# /etc/init.d/salt-minion start

[root@test1 ~]# salt-key -A

[root@test1 ~]# salt-key -L

[root@test1 salt]# ls
apache? haproxy? nginx? pkgs? top.sls? users
[root@test1 salt]# cd pkgs/???????????????? //在這個目錄下存放的是源碼編譯時用到的安裝包，避免多次寫這些安裝包
[root@test1 pkgs]# ls
make.sls
[root@test1 pkgs]# cat make.sls
make-gcc:
? pkg.installed:
??? - pkgs:
????? - pcre-devel
????? - openssl-devel
????? - gcc
[root@test1 pkgs]# cd ..
[root@test1 salt]# ls
apache? haproxy? nginx? pkgs? top.sls? users
[root@test1 salt]# mkdir keepalived??????????????? //創建keepalived的目錄
[root@test1 salt]# cd keepalived/
[root@test1 keepalived]# mkdir files?????? ? //用來存放源碼編譯所需的壓縮包? ，配置文件
[root@test1 files]# cd
[root@test1 ~]# ls??????????????? //注意：這里的源碼包是提前下載到/root下的
keepalived-2.0.6.tar.gz
[root@test1 ~]# mv keepalived-2.0.6.tar.gz /srv/salt/keepalived/files/?????????????????? //將其移動到file目錄下
[root@test1 ~]# cd -
/srv/salt/keepalived/files
[root@test1 files]# ls
keepalived-2.0.6.tar.gz
[root@test1 files]# cd ..
[root@test1 keepalived]# vim install.sls????????????????????? //編寫keepalived的源碼編譯文件

include:
? - pkgs.make

keepalived-install:
? file.managed:
??? - name: /mnt/keepalived-2.0.6.tar.gz
??? - source: salt://keepalived/files/keepalived-2.0.6.tar.gz
? cmd.run:
??? - name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 &&? ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
??? - creates: /usr/local/keepalived

[root@test1 keepalived]# salt test4 state.sls keepalived.install ???????????? //一鍵將服務推送到test4上

在test4上查看服務

[root@test4 ~]# cd /mnt/
[root@test4 mnt]# ls

到我們該拷貝配置文件的時候了，由于keepalived服務有兩個配置文件，所以我們應該傳給test1兩個配置文件，分別是keeplived和keepalived.conf

[root@test4 mnt]# cd /usr/local/keepalived/etc/rc.d/init.d
[root@test4 init.d]# ls
keepalived
[root@test4 init.d]# scp keepalived root@test1:/srv/salt/keepalived/files/
[root@test4 init.d]# cd /usr/local/keepalived/etc/keepalived
[root@test4 keepalived]# ls
keepalived.conf? samples
[root@test4 keepalived]# scp keepalived.conf root@test1:/srv/salt/keepalived/files/

[root@test1 keepalived]# cd files/????????????????? //返回test1的files目錄查看配置文件已經拷貝過來
[root@test1 files]# ls
keepalived? keepalived-2.0.6.tar.gz? keepalived.conf

[root@test1 files]# cd ..
[root@test1 keepalived]# vim install.sls

include:
? - pkgs.make

keepalived-install:
? file.managed:
??? - name: /mnt/keepalived-2.0.6.tar.gz
??? - source: salt://keepalived/files/keepalived-2.0.6.tar.gz
? cmd.run:
??? - name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 &&? ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
??? - creates: /usr/local/keepalived

/etc/keepalived:
? file.directory:
??? - mode: 755

/etc/sysconfig/keepalived:
? file.symlink:
??? - target: /usr/local/keepalived/etc/sysconfig/keepalived

/sbin/keepalived:
? file.symlink:
??? - target: /usr/local/keepalived/sbin/keepalived

此時keepalived服務配置完成

新的問題出現是，由于test1和test4都需要安裝keepalived服務，且test1作master；test4作backup

這里有部分需要改為變量，如所以我們需要引入模塊，叫pillar模塊和jinja模塊。

上面完成了keepalived的install配置，接下來完成service.sls配置

[root@test1 salt]# cd /srv/salt/keepalived/files/

[root@test1 files]# vim keepalived.conf?????????????? //結合Jinja，將keepalived的配置文件中的state和priority的參數設置成變量

! Configuration File for keepalived

global_defs {
?? notification_email {
??????? root@localhost
?? }
?? notification_email_from keepalived.localhost
?? smtp_server 127.0.0.1
? smtp_connect_timeout 30
?? router_id LVS_DEVEL
?? vrrp_skip_check_adv_addr
?? vrrp_strict
?? vrrp_garp_interval 0
?? vrrp_gna_interval 0
}

vrrp_instance VI_1 {
??? state {{ STATE }}
??? interface eth0
??? virtual_router_id 21
??? priority {{ PRIORITY }}
??? advert_int 1
??? authentication {
??????? auth_type PASS
??????? auth_pass 1111
??? }
??? virtual_ipaddress {
??????? 172.25.1.100/24 ?????????????????? //虛擬ip為172.25.1.100/24
??? }
}

[root@test1 files]# cd ..
[root@test1 keepalived]# vim service.sls?????????????????

include:
? - keepalived.install

/etc/keepalived/keepalived.conf:
? file.managed:
??? - source: salt://keepalived/files/keepalived.conf
??? - template: jinja????????????????????????????????????????????? //Jinja的使用：在state文件中使用"- template: jinja"聲明
??? - context:
????? STATE: {{ pillar['state'] }}?????????????????????? //兩個變量給予賦值，和上面不同的是這里的值采用了Pillar方式
????? PRIORITY: {{ pillar['priority'] }}

kp-service:
? file.managed:
??? - name: /etc/init.d/keepalived
??? - source: salt://keepalived/files/keepalived
??? - mode: 755
? service.running:
??? - name: keepalived
??? - reload: True
??? - watch:
????? - file: /etc/keepalived/keepalived.conf

在master端打開pillar服務,若已經打開

[root@test1 keepalived]# vim /etc/salt/master

[root@test1 keepalived]# /etc/init.d/salt-master restart

[root@test1 keepalived]# cd /srv/pillar/

[root@test1 pillar]# mkdir keepalived/?????????

[root@test1 pillar]# cd keepalived/

[root@test1 keepalived]# vim install.sls

{% if grains['fqdn'] == 'test3' %}
state: MASTER
priority: 100
{% elif grains['fqdn'] == 'test4' %}
state: BACKUP
priority: 50
{% endif %}

[root@test1 keepalived]# cd ..

[root@test1 web]# cd ..

[root@test1 pillar]# vim top.sls

base:
? '*':
??? - keepalived.install

[root@test1 pillar]# cd ../salt/

test1和test2可以使用grains或者pillar模塊，這里用grains模塊

[root@test1 salt]# vim /etc/salt/minion

[root@test1 salt]# /etc/init.d/salt-minion restart

[root@test2 ~]# vim /etc/salt/minion

[root@test2 salt]# /etc/init.d/salt-minion restart

[root@test1 salt]# vim top.sls

base:
? 'test3':
??? - haproxy.service
??? - keepalived.service
? 'test4':
??? - haproxy.service
??? - keepalived.service
? 'roles:apache':
??? - match: grain?????????????????????? //要匹配的主機需要打開grains模塊

??? - apache.service

? 'roles:nginx':
??? - match: grain
??? - nginx.service

8、一步高級推，實現最終目的

[root@test1 salt]# salt '*' state.highstate

9、查看服務是否已經開啟：

test1:

test2:

test3:

test4:

此時即可實現haproxy+keepalived負載均衡+高可用

10、進行測試：

首先在test1端寫一個測試的web頁面

[root@test1 apache]# cd /usr/local/nginx/html/
[root@test1 html]# vim index.html

由于test2端在一鍵推送的時候已經將web測試的index.html推送過來了，所以可以直接進行測試

為了確保，我們不妨查看一下：

[root@test2 html]# pwd
/var/www/html
[root@test2 html]# ls
index.html
[root@test2 html]# cat index.html
<h1>westos</h1>

測試一：測試負載均衡：

在物理機上進行curl測試，可以看到實現了負載均衡

測試二：測試高可用性：

我們可以看test3和test4的ip(keepalived)：

可以看出test3上有虛擬ip,這是因為test3的keepalived服務是master,test4的keepalived服務是backup

若此時我們將test3的keepalived服務宕掉，會發現什么呢：

[root@test3 haproxy]# /etc/init.d/keepalived stop

此時test4會將虛擬ip承接過去。而服務沒有受到影響。

若將test3和test4的服務都宕掉，此時服務不可用：

[root@test4 salt]# /etc/init.d/keepalived stop

測試結束，還原服務，將test3和test4的keepalived服務重啟。

測試三：測試haproxy對后端的檢查：

在訪問都正常的情況下，將test2的apache服務宕掉

[root@test2 html]# /etc/init.d/httpd stop

此時進行訪問：

發現只能訪問到test1主機，并沒有發生報錯現象，這說明haproxy對后端是有進行檢查的。并沒有繼續進行負載均衡。保證了客戶的正常訪問。

到此，實驗結束。

補充一點知識！！！！！！！！！

下列三條命令均可用于查看有幾個minion監聽

[root@test1 haproxy]# salt test? test.ping??????????? //查看有test？在監聽

[root@test1 haproxy]# salt test* test.ping?????????????? //查看有test？在監聽

[root@test1 haproxy]# salt '*' test.ping????????????????? //查看所有的監聽主機